Date: Sun Jun 25 23:11:00 2006
From: seclists at syneticon.de (Denis Jedig)
Subject: Whitepaper: IT (in)security implementation in a real world example

Greetings to the list,

I have written a short paper on principles and failures of IT security based on a real-world example of a (yet unpublished) issue with DB CarSharing - a German car rental company.

Extract:

Preface

This paper is not meant to be a disclosure or accusation. Although it is based on a true story and describes a rather concerning security-related issue, its focus is the analysis of security issues in projects heavily dependent on IT. Its primary goal is to serve as a guideline for people intending to do better than today.

Story

For a couple of months now DB Carsharing is largely advertised as a convenient car rental service (you can get cars on an hourly basis) offered by a company named DB Rent - a subsidiary of Deutsche Bahn - throughout all German railway stations. However, this public service becomes a potential danger to its customers - due to inherent flaws in handling of sensitive data, insufficient user restrictions and significant flaws in vulnerability management.

The paper can be found at http://syneticon.net/support/security/security-by-example.html in HTML for your convenience.

Regards,

Denis Jedig
syneticon networks GbR